DMVPN - remote site can access corporate LAN's but not internet
Have an interesting one I may need some assistance on.
Have a remote branch site setup on VPN (using DMVPN configuration). The site can access the main headquarters networks just fine, but can't get internet access. I think it's because the VPN router (VPN hub) located at the headquarters has a default route to it's internet routers so it can get access to the internet. We are running EIGRP internally. When I trace from the branch router to say 184.108.40.206 (common public DNS server) the trace dies at the headquarters VPN hub router. When I trace to 220.127.116.11 from the VPN hub router at the headquarters it goes straight out hits the internet routers and is fine.
Re: DMVPN - remote site can access corporate LAN's but not inter
The setup is link this.
The branch had a fiber connection, but has a backup DSL where we are running DMVPN over as a backup link. Traffic favors of course the fiber, but if there's a cut traffic will go over the backup DSL VPN link.
The branch has a default-route over the fiber to in internal router ad headquarters. The headquarters internal router has a default-route to the internet routers. Internet works fine when your traffic goes over the fiber, but when you test and take the fiber down traffic goes over the backup DSL VPN link to a router that is directly connected to the internet (our VPN hub router). This VPN hub router has a default-route pointing to the internet and a routting table of all our internal sites. This VPN hub router is not our true internet router, it's just a router with a public ip for the sites with DMVPN as a backup.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...